About GitHub Packages with GitHub Actions
GitHub Actions te ayuda a automatizar tus flujos de trabajo de desarrollo de software en el mismo lugar en el que almacenas código y colaboras con informes de problemas y solicitudes de extracción. Puedes escribir tareas individuales, llamadas acciones, y combinarlas para crear un flujo de trabajo personalizado. Con GitHub Actions puedes crear capacidades de integración continua (CI, por sus siglas en inglés) de extremo a extremo y de funcionamiento continuo (CD, por sus siglas en inglés) directamente en tu repositorio. For more information, see "About GitHub Actions."
You can extend the CI and CD capabilities of your repository by publishing or installing packages as part of your workflow.
Authenticating to package registries on GitHub
To authenticate to package registries on GitHub Enterprise Server, we recommend using the GITHUB_TOKEN
that GitHub Enterprise Server automatically creates for your repository when you enable GitHub Actions instead of a personal access token for authentication. You should set the permissions for this access token in the workflow file to grant read access for the contents
scope and write access for the packages
scope. For forks, the GITHUB_TOKEN
is granted read access for the parent repository. For more information, see "Authenticating with the GITHUB_TOKEN."
You can reference the GITHUB_TOKEN
in your workflow file using the {{secrets.GITHUB_TOKEN}}
context. For more information, see "Authenticating with the GITHUB_TOKEN."
About permissions and package access for repository-owned packages
Note: Some registries, such as RubyGems, npm, Apache Maven, NuGet, Gradle, and Docker packages that use the package namespace docker.pkg.github.com
, only allow repository-owned packages. With Container registry (ghcr.io
) you can choose to allow packages to be owned by a user, an organization, or linked to a repository.
When you enable GitHub Actions, GitHub installs a GitHub App on your repository. The GITHUB_TOKEN
secret is a GitHub App installation access token. You can use the installation access token to authenticate on behalf of the GitHub App installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN."
GitHub Packages allows you to push and pull packages through the GITHUB_TOKEN
available to a GitHub Actions workflow.
Publishing a package using an action
You can use GitHub Actions to automatically publish packages as part of your continuous integration (CI) flow. This approach to continuous deployment (CD) allows you to automate the creation of new package versions, if the code meets your quality standards. For example, you could create a workflow that runs CI tests every time a developer pushes code to a particular branch. If the tests pass, the workflow can publish a new package version to GitHub Packages.
Los pasos de configuración varían de acuerdo con el cliente del paquete. Para obtener información general sobre cómo configurar un flujo de trabajo para GitHub Actions, vea "Configuración de un flujo de trabajo".
The following example demonstrates how you can use GitHub Actions to build and test your app, and then automatically create a Docker image and publish it to GitHub Packages.
Create a new workflow file in your repository (such as .github/workflows/deploy-image.yml
), and add the following YAML:
# Este flujo de trabajo usa acciones que no GitHub no certifica.
# Estas las proporcionan entidades terceras y las gobiernan
# condiciones de servicio, políticas de privacidad y documentación de soporte
# en línea.
# GitHub recomienda anclar acciones a un SHA de confirmación.
# Para obtener una versión más reciente, debes actualizar el SHA.
# También puedes hacer referencia a una etiqueta o rama, pero la acción puede cambiar sin ninguna advertencia.
name: Create and publish a Docker image
on:
push:
branches: ['release']
jobs:
run-npm-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: npm install and build webpack
run: |
npm install
npm run build
- uses: actions/upload-artifact@v2
with:
name: webpack artifacts
path: public/
run-npm-test:
runs-on: ubuntu-latest
needs: run-npm-build
strategy:
matrix:
os: [ubuntu-latest]
node-version: [12.x, 14.x]
steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node-version }}
- uses: actions/download-artifact@v2
with:
name: webpack artifacts
path: public
- name: npm install, and test
run: |
npm install
npm test
env:
CI: true
build-and-push-image:
runs-on: ubuntu-latest
needs: run-npm-test
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Log in to GitHub Docker Registry
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: docker.pkg.github.com
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
push: true
tags: |
docker.pkg.github.com/${{ github.repository }}/octo-image:${{ github.sha }}
The relevant settings are explained in the following table. For full details about each element in a workflow, see "Workflow syntax for GitHub Actions."
|
Configures the Create and publish a Docker image workflow to run every time a change is pushed to the branch called release .
|
|
This job installs NPM and uses it to build the app. |
|
This job uses npm test to test the code. The needs: run-npm-build command makes this job dependent on the run-npm-build job.
|
|
This job publishes the package. The needs: run-npm-test command makes this job dependent on the run-npm-test job.
|
|
Sets the permissions granted to the GITHUB_TOKEN for the actions in this job.
|
|
Creates a new step called Log in to GitHub Docker Registry , which logs in to the registry using the account and password that will publish the packages. Once published, the packages are owned by the account defined here.
|
|
Creates a new step called Build and push Docker image . This step runs as part of the build-and-push-image job.
|
|
Uses the Docker build-push-action action to build the image, based on your repository's Dockerfile . If the build succeeds, it pushes the image to GitHub Packages.
|
|
Sends the required parameters to the build-push-action action. These are defined in the subsequent lines.
|
|
Pushes this image to the registry if it is built successfully. |
|
Tags the image with the SHA of the commit that triggered the workflow. |
This new workflow will run automatically every time you push a change to a branch named release
in the repository. You can view the progress in the Actions tab.
A few minutes after the workflow has completed, the new package will visible in your repository. To find your available packages, see "Viewing a repository's packages."
Installing a package using an action
You can install packages as part of your CI flow using GitHub Actions. For example, you could configure a workflow so that anytime a developer pushes code to a pull request, the workflow resolves dependencies by downloading and installing packages hosted by GitHub Packages. Then, the workflow can run CI tests that require the dependencies.
Installing packages hosted by GitHub Packages through GitHub Actions requires minimal configuration or additional authentication when you use the GITHUB_TOKEN
.
Los pasos de configuración varían de acuerdo con el cliente del paquete. Para obtener información general sobre cómo configurar un flujo de trabajo para GitHub Actions, vea "Configuración de un flujo de trabajo".